1. Specifications:

a) Prevent all traffic from the workstation 220.127.116.11 from reaching the workstation 18.104.22.168. Traffic from all other hosts/networks, including traffic from outside, should be allowed.

b) Traffic from the network 22.214.171.124 must not be allowed on the 126.96.36.199 network. All other traffic originating from 188.8.131.52 networks must be allowed (that is, outside traffic must not be allowed).

c) Workstations 184.108.40.206 and 220.127.116.11 should not be allowed HTTP access on tower box 18.104.22.168. All other workstations can have HTTP access on the tower box. All other traffic, including traffic from outside networks, is allowed.

d) 22.214.171.124 can telnet to 126.96.36.199. No one else from the network 188.8.131.52 can telnet to 184.108.40.206. All other hosts can telnet to 40.89. Also permit all other traffic, but only as long as it originates from 220.127.116.11 (that is, do not allow outside traffic).

e) Allow ftp access only from the host 18.104.22.168 onto any host on the network 22.214.171.124. All other types of traffic from all other hosts are allowed, but only as long as they originate from 126.96.36.199 (that is, do not allow outside traffic).

f) Prevent traffic from the network 188.8.131.52 from flowing on the network 184.108.40.206. All other traffic, including traffic from outside, can.

g) Prevent traffic from the tower box 220.127.116.11 from going outside to the non-18.104.22.168 network. All other traffic can go out.
Exercise 2: Write two programs (one for standard and one for extended ACLs) that simulate the processing of an ACL at a router’s interface. Each program should read two text files, one containing ACL statements and another containing a list of IP addresses that represent packets coming into the interface. The input to the standard ACL program will be just a list of source IP addresses, while the input to the extended ACL program will be a list of entries, each giving a source IP address, a destination IP address and a port number. The program should process each packet according to the ACL statements and decide whether to permit or deny it. You may assume that the program is simulating the ACL (either in or out) at just one interface.
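A sketch of the standard-ACL half of Exercise 2, added here as an illustration and not part of the original exercise sheet. It covers the standard case only and shows the two behaviours the specifications above depend on: the first matching statement wins, and a packet matching no statement hits the implicit deny. The function names and the sample ACL and packet list (documentation addresses, passed as strings rather than read from files) are constructed for this example.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string to a 32-bit integer; raises ValueError on bad input."""
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(text):
    """Return [(action, address, wildcard)] from 'access-list N permit|deny SOURCE' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("!"):      # blank line or IOS-style comment
            continue
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported statement: {line!r}")
        src = tok[3:]
        if src == ["any"]:
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif len(src) == 2 and src[0] == "host":
            addr, wild = src[1], "0.0.0.0"
        elif len(src) in (1, 2):                   # address [wildcard]; no wildcard = one host
            addr, wild = src[0], (src[1] if len(src) == 2 else "0.0.0.0")
        else:
            raise ValueError(f"unsupported source: {line!r}")
        rules.append((tok[2], to_int(addr), to_int(wild)))
    return rules

def decide(rules, source_ip):
    """First matching statement wins; a packet matching none hits the implicit deny."""
    ip = to_int(source_ip)
    for action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF                  # wildcard 0-bits must match, 1-bits are ignored
        if (ip & care) == (addr & care):
            return action
    return "deny"

def simulate(acl_text, packets_text):
    """Evaluate every source address (one per line) against the ACL, in order."""
    rules = parse_standard_acl(acl_text)
    return [(p, decide(rules, p)) for p in packets_text.split()]

# Constructed sample input: block one host, allow the rest of its network.
SAMPLE_ACL = """\
access-list 1 deny host 192.0.2.13
access-list 1 permit 192.0.2.0 0.0.0.255
"""
SAMPLE_PACKETS = "192.0.2.13\n192.0.2.77\n198.51.100.5\n"

if __name__ == "__main__":
    for src, verdict in simulate(SAMPLE_ACL, SAMPLE_PACKETS):
        print(f"{src:15} {verdict}")
```

Swapping the two statements in the sample ACL makes 192.0.2.13 match the network permit first, which is the statement-ordering mistake most worth checking for when working through the specifications.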